Credit: Edgar Cervantes / Android Authority
- A popular Android barcode scanner app has been outed as malicious.
- Barcode Scanner was discovered to harbor a trojan that opens bogus sites and prompts app downloads.
- The app has since been removed from the Google Play Store.
Some popular Google Play Store apps may seem harmless at first, but a new report reminds us that we should always be cognizant that apps can change. Malwarebytes (h/t: 9to5Google) has discovered that a popular barcode scanner app is infected with malware.
The app in question, simply called Barcode Scanner, is developed by Lavabird Ltd. Per its title, it’s a free app that enables scanning of barcodes and QR codes. While free apps usually employ advertising SDKs which tend to grow overly aggressive at times, Malwarebytes explains that this wasn’t the case with Barcode Scanner.
Instead, a new update pushed to the app added lines of malicious code. The security firm discovered that this was a trojan, specifically Android/Trojan.HiddenAds.AdQR. The malicious code also used “heavy obfuscation to avoid detection,” the report adds.
The malware targets users by automatically launching the browser, loading bogus websites and popups, and prompting the installation of malicious apps.
Before the malware issue was uncovered, Barcode Scanner was a popular app. It featured a four-star rating on the app store with over 73,000 reviews. The Play Store suggests the app had been installed by over 10 million users. However, since Malwarebytes’ report, the app has been removed from the Play Store entirely.
Do you have Barcode Scanner installed?
There are a slew of barcode scanner apps on the Play Store, but you’re looking for a specific product with the package name com.qrcodescanner.barcodescanner. If you have this particular app installed, it might be best to ditch it immediately.
It’s not uncommon for malicious apps to make their way onto the Play Store. Although Google has put layers of security and checks in place to mitigate this, these buffers aren’t always enough. But in the case of Barcode Scanner, it’s pretty tough to weed out seemingly safe apps from sudden trojans.